Overclock.net › Forums › Industry News › Software News › [MaxPC] Zero-day to Breach Chrome
New Posts  All Forums:Forum Nav:

[MaxPC] Zero-day to Breach Chrome

post #1 of 36
Thread Starter 
http://www.maximumpc.com/article/new...s_key_defenses

Quote:
“The exploit shown in this video is one of the most sophisticated codes we have seen and created so far as it bypasses all security features including ASLR/DEP/Sandbox,†the company said, “it is silent (no crash after executing the payload), it relies on undisclosed (0day) vulnerabilities discovered by VUPEN and it works on all Windows systems (32-bit and x64).
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
post #2 of 36
So much for the sandbox = hack-proof theory that some people advocate.
post #3 of 36
Quote:
Originally Posted by Riou View Post
So much for the sandbox = hack-proof theory that some people advocate.
Yep, nothing is hack proof. It is for sure and certain, not the first payload to exploit sandboxed browsers either.
Edited by Lucky 13 SpeedShop - 5/9/11 at 9:44pm
Pit Stop
(35 items)
 
  
CPUMotherboardGraphicsRAM
1090T Gigabyte 990FXA-UD5 MSi ref. 6950 2GB unlocked 4GB STT WX200UB2G7 
Hard DriveHard DriveOptical DriveCooling
Samsung F3 Crucial M4 Teac slim slot load DIYINHK Toshiba pwm pump controller upgrade 
CoolingCoolingCoolingCooling
Yate Loon D12SH-12 Silverstone SST-AP181 Koolance DDC pump housing/heasink Sunon 60 mm cooling fan for pump housing 
CoolingCoolingCoolingCooling
Bitspower 7/16" Black Sparkle compression fitt... Bitspower Black Sparkle 90 degree double rotary... Bitspower 45 degree rotary fittings Primochill LRT UV blue tubing 
CoolingCoolingCoolingCooling
XSPC Rasa cpu block XSPC RX-240 radiator XSPC DDC res. top Laing DDC-1  
OSMonitorKeyboardPower
7 Professional Samsung EX-2220 Das Professional Seasonic's dead :( 
CaseMouseMouse PadAudio
Lian Li T60-B PureTrak Valor Ratpadz GS Auzentech X-plosion 7.1 
AudioAudioAudioOther
AKG K701's Lil Dot MK.III hp amp Burr-Brown OPA627SM opamp upgrade Custom built MTM style transmission line 
OtherOtherOther
Various amps. Custom built MTM style transmission line 15" Dayton Titanic MK.III 
  hide details  
Reply
Pit Stop
(35 items)
 
  
CPUMotherboardGraphicsRAM
1090T Gigabyte 990FXA-UD5 MSi ref. 6950 2GB unlocked 4GB STT WX200UB2G7 
Hard DriveHard DriveOptical DriveCooling
Samsung F3 Crucial M4 Teac slim slot load DIYINHK Toshiba pwm pump controller upgrade 
CoolingCoolingCoolingCooling
Yate Loon D12SH-12 Silverstone SST-AP181 Koolance DDC pump housing/heasink Sunon 60 mm cooling fan for pump housing 
CoolingCoolingCoolingCooling
Bitspower 7/16" Black Sparkle compression fitt... Bitspower Black Sparkle 90 degree double rotary... Bitspower 45 degree rotary fittings Primochill LRT UV blue tubing 
CoolingCoolingCoolingCooling
XSPC Rasa cpu block XSPC RX-240 radiator XSPC DDC res. top Laing DDC-1  
OSMonitorKeyboardPower
7 Professional Samsung EX-2220 Das Professional Seasonic's dead :( 
CaseMouseMouse PadAudio
Lian Li T60-B PureTrak Valor Ratpadz GS Auzentech X-plosion 7.1 
AudioAudioAudioOther
AKG K701's Lil Dot MK.III hp amp Burr-Brown OPA627SM opamp upgrade Custom built MTM style transmission line 
OtherOtherOther
Various amps. Custom built MTM style transmission line 15" Dayton Titanic MK.III 
  hide details  
Reply
post #4 of 36
It is great there are firms doing this sorta stuff. Better to have trusted hands find the exploits so it can be fixed up.

Good job rockin Google Chrome's socks... but it'll still be my browser of choice
Beast of Burden
(19 items)
 
Cool story, bro!
(16 items)
 
 
CPUMotherboardGraphicsRAM
i7 3770k Gigabyte Z77X-UD5H Gigabyte HD 7970 Reference Ripjaws Z 
Hard DriveHard DriveOptical DriveCooling
Crucial M4 Caviar Black ASUS DVD XSPC Raystorm 
CoolingCoolingCoolingOS
EK FC-7970 w/ Backplate Copper/Acetal RX360 w/ 3x Yate Loon High Speed in Push XSPC Dual Bay Res w/ D5 Pump Windows 7 
MonitorMonitorKeyboardPower
ASUS VE226H ASUS VE226H Cooler Master Quickfire Rapid Corsair HX850 
CaseMouseMouse Pad
HAF 932 Advanced Razer Deathadder QcK Mini 
CPUMotherboardGraphicsRAM
Q9550@ 3.5GHz w/ 1.191v Gigabyte GA-EP45-UD3P Sapphire Reference 5850 @ 775/1100 G.SKILL 4GB (2 x 2GB) DDR2 1066 
Hard DriveHard DriveHard DriveOptical Drive
Crucial C300 Spinpoint F3 Caviar Black ASUS DVD-RW 
CoolingOSMonitorKeyboard
Arctic Cooling Freezer 7 Pro Windows 7 Home Premium 64-bit Samsung 23" Saitek Eclipse III 
PowerCaseMouse
Corsair 430W NZXT Source 210 Wolf King 
  hide details  
Reply
Beast of Burden
(19 items)
 
Cool story, bro!
(16 items)
 
 
CPUMotherboardGraphicsRAM
i7 3770k Gigabyte Z77X-UD5H Gigabyte HD 7970 Reference Ripjaws Z 
Hard DriveHard DriveOptical DriveCooling
Crucial M4 Caviar Black ASUS DVD XSPC Raystorm 
CoolingCoolingCoolingOS
EK FC-7970 w/ Backplate Copper/Acetal RX360 w/ 3x Yate Loon High Speed in Push XSPC Dual Bay Res w/ D5 Pump Windows 7 
MonitorMonitorKeyboardPower
ASUS VE226H ASUS VE226H Cooler Master Quickfire Rapid Corsair HX850 
CaseMouseMouse Pad
HAF 932 Advanced Razer Deathadder QcK Mini 
CPUMotherboardGraphicsRAM
Q9550@ 3.5GHz w/ 1.191v Gigabyte GA-EP45-UD3P Sapphire Reference 5850 @ 775/1100 G.SKILL 4GB (2 x 2GB) DDR2 1066 
Hard DriveHard DriveHard DriveOptical Drive
Crucial C300 Spinpoint F3 Caviar Black ASUS DVD-RW 
CoolingOSMonitorKeyboard
Arctic Cooling Freezer 7 Pro Windows 7 Home Premium 64-bit Samsung 23" Saitek Eclipse III 
PowerCaseMouse
Corsair 430W NZXT Source 210 Wolf King 
  hide details  
Reply
post #5 of 36
I sure hope they inform Google with the technical information about the vulnerability so they can patch it.
The Batcomputer
(25 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i7-7700K @ 5.0 GHz GIGABYTE Aorus GA-Z270X-Gaming 7 LGA 1151 Intel... ASUS ROG GeForce GTX 1070 STRIX-GTX1070-O8G-GAM... G.SKILL Trident Z Series 32GB (2 x 16GB) 3000MH... 
Hard DriveHard DriveHard DriveHard Drive
SAMSUNG 950 PRO M.2 256GB SSD (Windows) SAMSUNG 850 PRO 128GB SATA III SSD (macOS) SAMSUNG 850 PRO 128GB SATA III SSD (Arch Linux) SAMSUNG 850 PRO 128GB SATA III SSD (Ubuntu) 
Hard DriveHard DriveHard DriveCooling
Seagate Ironwolf 8TB NAS 7200 RPM 256MB Cache H... Seagate Ironwolf 8TB NAS 7200 RPM 256MB Cache H... Seagate Ironwolf 8TB NAS 7200 RPM 256MB Cache H... Swiftech H320-X2 Prestige AIO Water Cooling 
OSOSOSOS
Windows 10 Pro Creators Update 64-bit macOS 10.12.6 Sierra Arch Linux 64-bit Linux Mint 18.2 Sonya (Cinnamon) 64-bit 
MonitorKeyboardPowerCase
Pixio PX277 27" 2560x1440 144Hz FreeSync IPS WQ... Ducky Shine 5 RGB LED Backlit Mechanical Keyboa... EVGA Supernova 1200 P2 80 PLUS PLATINUM Certifi... Phanteks Enthoo Primo ATX Full Tower Computer C... 
MouseMouse PadAudioAudio
Nixeus Revel Gaming Mouse SteelSeries QcK+ Gaming Mouse Pad Schiit Modi 2 Uber USB DAC Behringer MS40 Studio Monitors 
Other
APC BX1500M Uninterruptible Power Supply 
  hide details  
Reply
The Batcomputer
(25 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i7-7700K @ 5.0 GHz GIGABYTE Aorus GA-Z270X-Gaming 7 LGA 1151 Intel... ASUS ROG GeForce GTX 1070 STRIX-GTX1070-O8G-GAM... G.SKILL Trident Z Series 32GB (2 x 16GB) 3000MH... 
Hard DriveHard DriveHard DriveHard Drive
SAMSUNG 950 PRO M.2 256GB SSD (Windows) SAMSUNG 850 PRO 128GB SATA III SSD (macOS) SAMSUNG 850 PRO 128GB SATA III SSD (Arch Linux) SAMSUNG 850 PRO 128GB SATA III SSD (Ubuntu) 
Hard DriveHard DriveHard DriveCooling
Seagate Ironwolf 8TB NAS 7200 RPM 256MB Cache H... Seagate Ironwolf 8TB NAS 7200 RPM 256MB Cache H... Seagate Ironwolf 8TB NAS 7200 RPM 256MB Cache H... Swiftech H320-X2 Prestige AIO Water Cooling 
OSOSOSOS
Windows 10 Pro Creators Update 64-bit macOS 10.12.6 Sierra Arch Linux 64-bit Linux Mint 18.2 Sonya (Cinnamon) 64-bit 
MonitorKeyboardPowerCase
Pixio PX277 27" 2560x1440 144Hz FreeSync IPS WQ... Ducky Shine 5 RGB LED Backlit Mechanical Keyboa... EVGA Supernova 1200 P2 80 PLUS PLATINUM Certifi... Phanteks Enthoo Primo ATX Full Tower Computer C... 
MouseMouse PadAudioAudio
Nixeus Revel Gaming Mouse SteelSeries QcK+ Gaming Mouse Pad Schiit Modi 2 Uber USB DAC Behringer MS40 Studio Monitors 
Other
APC BX1500M Uninterruptible Power Supply 
  hide details  
Reply
post #6 of 36
Thread Starter 
Quote:
Originally Posted by Riou View Post
So much for the sandbox = hack-proof theory that some people advocate.
Sandboxing is not hacker-proof... but is a technique that makes it much more difficult.
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
post #7 of 36
If it is truly a browser vulnerability, it's one thing to do it in Windows, but what about Linux or ChromeOS?
    
CPUMotherboardGraphicsRAM
AMD 4850e :: 12x @3000MHz +0.15V ASUS M3A78-EM :: Clock @250MHz HT: 5x (1250MHz) Integrated ATI 3200 @ 700MHz ATI Driver Ver 9.12 G.Skill 2x1GB F2-8500CL5D-2GBPK@1012 4-5-5-15-24 
Hard DriveOptical DriveOSMonitor
Seagate Barracude 7200.10 250GB SATA LG 22x GH22NS30 Win XP Pro SP3 (32 bit) Acer X223W, Compaq 19" CRT 
PowerCase
Rosewill 300W Rosewill R379-SM 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
AMD 4850e :: 12x @3000MHz +0.15V ASUS M3A78-EM :: Clock @250MHz HT: 5x (1250MHz) Integrated ATI 3200 @ 700MHz ATI Driver Ver 9.12 G.Skill 2x1GB F2-8500CL5D-2GBPK@1012 4-5-5-15-24 
Hard DriveOptical DriveOSMonitor
Seagate Barracude 7200.10 250GB SATA LG 22x GH22NS30 Win XP Pro SP3 (32 bit) Acer X223W, Compaq 19" CRT 
PowerCase
Rosewill 300W Rosewill R379-SM 
  hide details  
Reply
post #8 of 36
Quote:
Originally Posted by wamubu View Post
If it is truly a browser vulnerability, it's one thing to do it in Windows, but what about Linux or ChromeOS?
chromeos being a linux kernel, I would say it's pretty likely to work if it works at all in linux.

I'm not sure how well browser exploits port between the different operating systems however, I suppose it would have to do with how much code is similar, and in the case of chrome, a lot of it is. but at the same time, linux may have an operating system level security that will stop this, or at least keep it in user mode rather than running as root or something.
Renaissance
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 4790K GA-Z97n-Gaming 5 HIS 7850 Mushkin Blackline 2x8GB DDR3 2133 
Hard DriveCoolingOSCase
Corsair GS 240 Corsair H50 Windows 8.1 Lian-li PC-Q08R 
Mouse
Razer Deathadder 3500dpi 
  hide details  
Reply
Renaissance
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 4790K GA-Z97n-Gaming 5 HIS 7850 Mushkin Blackline 2x8GB DDR3 2133 
Hard DriveCoolingOSCase
Corsair GS 240 Corsair H50 Windows 8.1 Lian-li PC-Q08R 
Mouse
Razer Deathadder 3500dpi 
  hide details  
Reply
post #9 of 36
Quote:
Originally Posted by Riou View Post
So much for the sandbox = hack-proof theory that some people advocate.
Sandboxing has never been "hack proof". It does help though.
Kilowatt
(20 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 Asus Rampage III Extreme 2x EVGA GTX 480 in SLI Corsair XMS3 DDR3 1600 
Hard DriveHard DriveCoolingCooling
Intel X-25M SSD 2x SAMSUNG F4 HD204UI 2TB Koolance CPU 360 2x Koolance GTX 480 FC Nickle plated Water blocks 
OSMonitorKeyboardPower
Windows 7 64 BenQ XL2410T Ducky DK1087 Corsair HX1000 
CaseMouseMouse PadAudio
Antec 1200 G5 Razer Goliathus Beresford Caiman+ 
AudioAudioAudioOther
Sony MDR-V6 Heil PR20 Shure X2U NZXT Sentry 
  hide details  
Reply
Kilowatt
(20 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 Asus Rampage III Extreme 2x EVGA GTX 480 in SLI Corsair XMS3 DDR3 1600 
Hard DriveHard DriveCoolingCooling
Intel X-25M SSD 2x SAMSUNG F4 HD204UI 2TB Koolance CPU 360 2x Koolance GTX 480 FC Nickle plated Water blocks 
OSMonitorKeyboardPower
Windows 7 64 BenQ XL2410T Ducky DK1087 Corsair HX1000 
CaseMouseMouse PadAudio
Antec 1200 G5 Razer Goliathus Beresford Caiman+ 
AudioAudioAudioOther
Sony MDR-V6 Heil PR20 Shure X2U NZXT Sentry 
  hide details  
Reply
post #10 of 36
No system is ever 100% safe. If it can be created it can be bypassed, it just might take some time.

The goal is to make it very difficult, so that the majority of people will not be able to bypass it. Why do we put locks on our front doors? A sufficiently skilled person can get past them in seconds, but they deter most people.

According to the article Google haven't confirmed this breach yet, but if / when they do you can expect to see a patch a few days / weeks / months later. Then the game begins again...
Main
(21 items)
 
HTPC
(10 items)
 
 
CPUMotherboardGraphicsRAM
i5 2550k P8P67 Pro Sapphire HD 7950 G.Skill RipJaws X 1600 Cas 9 
Hard DriveHard DriveHard DriveCooling
Corsair Force 120 WD Blue 500GB WD Caviar Green 1TB XSPC RayStorm 
CoolingCoolingCoolingCooling
RX240 MCR 220 EK 7950 Copper Acetal  DDC-1T 
OSMonitorMonitorKeyboard
Windows 7 64-bit Dell U2311H Oculus Rift DK2 Ducky Shine 3 MX Brown 
PowerCaseMouseAudio
Corsair TX 750W CoolerMaster CM690 II G500 Klipsch ProMedia 2.1 
Audio
Asus Xonar DX 
CPUMotherboardRAMHard Drive
A10-6800K Gigabyte GA-F2A85XN-WIFI G Skill 1600 CAS9 Kingston SSD Now 60GB 
Hard DriveOptical DriveCoolingOS
WD Caviar Blue 1TB LG Slim Blu-Ray player Silverstone NT06-PRO  Widows 7 Home Premium 
PowerCase
Silverstone Sfx Series ST45SF 450W Silverstone SG05 
  hide details  
Reply
Main
(21 items)
 
HTPC
(10 items)
 
 
CPUMotherboardGraphicsRAM
i5 2550k P8P67 Pro Sapphire HD 7950 G.Skill RipJaws X 1600 Cas 9 
Hard DriveHard DriveHard DriveCooling
Corsair Force 120 WD Blue 500GB WD Caviar Green 1TB XSPC RayStorm 
CoolingCoolingCoolingCooling
RX240 MCR 220 EK 7950 Copper Acetal  DDC-1T 
OSMonitorMonitorKeyboard
Windows 7 64-bit Dell U2311H Oculus Rift DK2 Ducky Shine 3 MX Brown 
PowerCaseMouseAudio
Corsair TX 750W CoolerMaster CM690 II G500 Klipsch ProMedia 2.1 
Audio
Asus Xonar DX 
CPUMotherboardRAMHard Drive
A10-6800K Gigabyte GA-F2A85XN-WIFI G Skill 1600 CAS9 Kingston SSD Now 60GB 
Hard DriveOptical DriveCoolingOS
WD Caviar Blue 1TB LG Slim Blu-Ray player Silverstone NT06-PRO  Widows 7 Home Premium 
PowerCase
Silverstone Sfx Series ST45SF 450W Silverstone SG05 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Software News
Overclock.net › Forums › Industry News › Software News › [MaxPC] Zero-day to Breach Chrome